Dynamic Networks: SDN and NFV

The IT and OT technology worlds are going through a new phase of internetworking transition. They are moving from a static setting towards a highly dynamic model.

Historically, network devices and appliances connected to the network were all hardware-based solutions, installed in a fixed manner to deliver connectivity and protection of data. They were set up and placed into service, all very static. But the setup took a long time to implement, normally measured in many weeks or several months. Activation to bring these devices and appliances online was also slow: it had to be done precisely, was highly prone to errors, and demanded lots of testing and evaluation before going live.

Something must change to speed up the overall implementation process, make it all more agile and responsive to changes in user needs, and most importantly, to make it more trustworthy and secure.

In data centres, the virtualization of servers is having a profound effect on both capital and operating costs and on the scalability of resources to react to the needs of the traffic flows. Virtualizing servers proved to be a smart and valuable strategy to squeeze out every compute cycle and to maximize the utilization of the server. Storage has been virtualized too, adding even more value to the equation. Electrical consumption and air handling costs were seriously reduced, delivering big savings compared to the 1:1 model for applications versus servers.

Therefore, it was a natural next step to virtualize the networks and the connected devices that protect these networks.

A Software Defined Network (SDN) is an open approach to managing the network. A centralized controller remotely controls the routers and switches within the network fabric, which are typically located far away at the network’s edge. SDN uses automation and centralized control to provide speed to network configuration and permit dynamic, on-demand changes to react to fluctuations in the traffic flows. The SDN solution operates hand-in-hand with server virtualization within data centres. As servers are brought online or removed from service to react to varying demands for traffic requests, the network can be scaled to map these same traffic flows to the server variations. The provisioning is automated. SDN separates the data flow plane from the network control plane to permit this virtualization of the network fabric.

Network Function Virtualization (NFV) is similar to and interrelated with SDN, but it does not necessarily need to be coupled with SDN, although the two are often seen together. NFV is the application of software defined appliances to the network. These appliances include devices such as edge authentication, firewalls, load balancers, and some routing functions. Traditionally, these network function appliances were hardware based; under the NFV approach they are software applications running on network edge servers. Like SDN, these appliances are centrally controlled and managed, which delivers speedy agility, permitting rapid change to settings and configurations. Policies and procedural settings can be downloaded and updated dynamically too. These network appliances are virtualized, exactly like the way the networks are managed with SDN.

By virtualizing the networks and the network appliances, the following benefits can be realized:

Flexibility: Operators looking to quickly deploy new services require a much more flexible and adaptable network — one that can be easily and quickly installed and provisioned.

Cost: Cost is a top consideration for any operator or service provider these days, even more so now that they see Google and others deploying massive datacenters using off-the-shelf merchant silicon (commoditized hardware) as a way to drive down cost. Cost is also reflected in OpEx: how easy it is to deploy and maintain services in the network.

Scalability: To adapt quickly to users’ changing needs and provide new services, operators must be able to scale their network architecture across multiple servers, rather than being limited by what a single box can do.

Security: Security has been, and continues to be, a major challenge in networking. Operators want to be able to provision and manage the network while allowing their customers to run their own virtual space and firewall securely within the network.

Virtualization in another service provider network: To meet customers’ needs better, service providers want the ability to instantiate their service anywhere in the world using virtualization.

While it is clearly not a conceptual requirement to implement SDN and NFV together, the capabilities of both technologies complement one another and work well together in supporting a Software Defined Data Centre (SDDC) model. As an example, implementing the concepts of SDN without virtualizing network functions would tie the network to the world of static hardware equipment, which defeats the benefits of SDN.

There have been many benefits proposed for using Software Defined Networking (SDN) and Network Functions Virtualization (NFV) to modernize the datacenter and network. Many of these benefits are fairly near term and quantifiable. However, the biggest value for SDN and NFV is in the enablement of future innovation and services.

Providing more value to customers: In order to create new services and increase revenue streams, broadband service providers must find ways to move further up the value chain and transform themselves from mere connectivity providers. Providing new, specialized services is one way to offer more value to the end user and transform a network from being just carrier-oriented to more functions-oriented.

Examples of value-added services that a broadband service provider can offer enterprises include firewalls, encryption, caching, virtual private networks, service monitoring, voice over Internet Protocol and more. With NFV and virtualization, these value-added services can be added onto switching components using virtual machines.

Leveraging the cloud: As more services move to the cloud, broadband service providers have the opportunity to leverage the growth of the cloud and to offer more value to end users in this aspect as well. SDN and NFV technologies can be deployed to offer more security within the network and support more tunnel mechanisms to data centers.

While software-defined networking gets all of the headlines, Network Functions Virtualization (NFV) is a big part of the software-defined data center.

This is because NFV is about unleashing services that run on networks – think intrusion detection/prevention, access control, anti-malware, encryption and so on – from dedicated hardware. This promises to make networks much more agile and cost effective.

But what are the security risks, if any, associated with NFV? There are always trade-offs, especially when it comes to information security, and there are a few points to consider regarding NFV-associated security risks. The six primary challenges when it comes to deploying NFV are hypervisor dependencies, elastic network boundaries, dynamic workloads, service insertion, stateful versus stateless inspection, and scalability of available resources.

SDN and NFV offer all kinds of potential to the networking industry. Being able to simplify and virtualize networking equipment, while also improving programmability and control, means greater possibilities for the enterprise. But it is important to make sure you are ready to take the first step forward and have everything you need to help you succeed. Get the right building blocks in place and you can truly unlock the potential of SDN.

About the Author:

Michael Martin has more than 35 years of experience in broadband networks, optical fibre, wireless and digital communications technologies. He is a Senior Executive with IBM Canada’s GTS Network Services Group. Over the past 12 years with IBM, he has worked in the GBS Global Center of Competency for Energy and Utilities and the GTS Global Center of Excellence for Energy and Utilities. He was previously a founding partner and President of MICAN Communications and before that was President of Comlink Systems Limited and Ensat Broadcast Services, Inc., both divisions of Cygnal Technologies Corporation (CYN:TSX). Martin currently serves on the Board of Directors for TeraGo Inc (TGO:TSX) and previously served on the Board of Directors for Avante Logixx Inc. (XX:TSX.V). He served on the Board of Governors of the University of Ontario Institute of Technology (UOIT) and on the Board of Advisers of five different Colleges in Ontario as well as for 16 years on the Board of the Society of Motion Picture and Television Engineers (SMPTE), Toronto Section. He holds three Masters degrees, in business (MBA), communication (MA), and education (MEd). As well, he has diplomas and certifications in business, computer programming, internetworking, project management, media, photography, and communication technology.
